XStream is a simple library to serialize and de-serialize objects to and
from XML.
It was found that XStream could deserialize arbitrary user-supplied XML
content, representing objects of any type. A remote attacker able to pass
XML to XStream could use this flaw to perform a variety of attacks,
including remote code execution in the context of the server running the
XStream application. (CVE-2013-7285)
The main distribution of Red Hat JBoss Data Virtualization 6.0.0 does not
contain the vulnerable XStream library and is not vulnerable to
CVE-2013-7285. Only users of Red Hat JBoss Data Virtualization 6.0.0 who
installed an optional S-RAMP distribution as provided from the Red Hat
Customer Portal are advised to apply this update.